
Merge commit from fork

* Check scheme in account and post links

* Harden media attachments

* Client-side mitigation

* Client-side mitigation for media attachments
Claire 2025-05-06 15:02:13 +02:00 committed by GitHub
parent 22e2e7f02b
commit 79931bf3ae
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 22 additions and 4 deletions


@ -15,13 +15,15 @@ class ActivityPub::Parser::MediaAttachmentParser
end
def remote_url
Addressable::URI.parse(@json['url'])&.normalize&.to_s
url = Addressable::URI.parse(@json['url'])&.normalize&.to_s
url unless unsupported_uri_scheme?(url)
rescue Addressable::URI::InvalidURIError
nil
end
def thumbnail_remote_url
Addressable::URI.parse(@json['icon'].is_a?(Hash) ? @json['icon']['url'] : @json['icon'])&.normalize&.to_s
url = Addressable::URI.parse(@json['icon'].is_a?(Hash) ? @json['icon']['url'] : @json['icon'])&.normalize&.to_s
url unless unsupported_uri_scheme?(url)
rescue Addressable::URI::InvalidURIError
nil
end
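Review bot: Both `remote_url` and `thumbnail_remote_url` still pass whatever the remote JSON holds straight to `Addressable::URI.parse`, and the `rescue` covers only `InvalidURIError`. As far as I know, Addressable raises `TypeError` for a value that is not string-like, such as an Array or a number in `url` or `icon`, so for those shapes the method would raise before the new scheme check runs instead of returning nil. Since the two methods now repeat the same parse/normalize/filter sequence, I would fold it into one private helper that also rejects non-String values, as sketched below. `unsupported_uri_scheme?` is defined outside this hunk, so please confirm there that it treats a nil `url` as unsupported, and document on the helper that nil now means "missing, unparsable or disallowed scheme".

```ruby
def remote_url
  safe_remote_url(@json['url'])
end

def thumbnail_remote_url
  icon = @json['icon']
  safe_remote_url(icon.is_a?(Hash) ? icon['url'] : icon)
end

# … place under the class's private section, if it has one …

# Returns the normalized URL, or nil when the value is not a String,
# cannot be parsed, or uses a scheme that unsupported_uri_scheme? rejects.
def safe_remote_url(value)
  return unless value.is_a?(String)

  url = Addressable::URI.parse(value)&.normalize&.to_s
  url unless unsupported_uri_scheme?(url)
rescue Addressable::URI::InvalidURIError
  nil
end
```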